severity -1 normal
tags -1 patch
--
Hi,
Raising the severity of this bug, it is a regression from NSS 3.24,
affecting all current NSS packages (in wheezy, jessie, stretch, buster
and sid).
Attached is a patch that re-enables the SSLKEYLOGFILE feature in the
debian rules file. Note that the official Mozilla Firefox builds do this
as well, see https://bugzilla.mozilla.org/show_bug.cgi?id=1188657
This feature can be used for troubleshooting issues or educational
purposes. For example, while trying to audit what background activity is
performed by Firefox, having this feature is essential for understanding
HTTPS sessions. Affected users are students and Kali Linux users.
Without this feature, people currently have at least three options:
- Install chromium which does have this feature.
- Download the official Firefox packages.
- Rebuild nss with this patch (not something for the average user).
Please consider restoring this feature.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
--- debian/rules.orig 2018-03-25 16:24:04.864000000 +0000
+++ debian/rules 2018-03-25 16:24:08.356000000 +0000
@@ -109,6 +109,7 @@
NSPR_INCLUDE_DIR=/usr/include/nspr \
NSPR_LIB_DIR=/usr/lib/$(DEB_HOST_MULTIARCH) \
BUILD_OPT=1 \
+ NSS_ALLOW_SSLKEYLOGFILE=1 \
NS_USE_GCC=1 \
OPTIMIZER="$(CFLAGS) $(CPPFLAGS)" \
LDFLAGS='$(LDFLAGS) $$(ARCHFLAG) $$(ZDEFS_FLAG)' \
